CVE-2021-41495

Description

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays. NOTE: While correct that validation is missing, an error can only occur due to an exhaustion of memory. If the user can exhaust memory, they are already privileged. Further, it should be practically impossible to construct an attack which can target the memory exhaustion to occur at exactly this place.

Risk Information

Base Score: 5.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.122

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-41495, CVE-2021-41496 are fixed in Python-numpy 1.19 | Windows
scientific computing package with Python (USN-5763-1) python3-numpy_1.17.4-5ubuntu3.1_amd64.deb | Linux
scientific computing package with Python (USN-5763-1) python3-numpy_1.21.5-1ubuntu22.04.1_amd64.deb | Linux
scientific computing package with Python (USN-5763-1) python3-numpy_1.21.5-1ubuntu22.10.1_amd64.deb | Linux
(RHSA-2022:8852) Red Hat OpenStack Platform 16.2.4 (numpy) security update python3-numpy-1.17.0-11.el8ost.x86_64.rpm | Linux
(RHSA-2022:8852) Red Hat OpenStack Platform 16.2.4 (numpy) security update python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm | Linux
SUSE-SU-2025:0424-1 (Basesystem Module 15-SP6) python3-numpy-devel-1.17.3-150400.31.1.x86_64.rpm | Linux
SUSE-SU-2025:0424-1 (Basesystem Module 15-SP6) python3-numpy-debugsource-1.17.3-150400.31.1.x86_64.rpm | Linux
SUSE-SU-2025:0424-1 (Basesystem Module 15-SP6) python3-numpy-debuginfo-1.17.3-150400.31.1.x86_64.rpm | Linux
SUSE-SU-2025:0424-1 (Basesystem Module 15-SP6) python3-numpy-1.17.3-150400.31.1.x86_64.rpm | Linux
Vulnerabilities CVE-2021-41495, CVE-2021-41496 are fixed in Python-numpy for linux 1.19 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234